General

  • Target

    d9d82be627a33423a03d13505486f6a5_JaffaCakes118

  • Size

    38KB

  • Sample

    240911-hymjhsygne

  • MD5

    d9d82be627a33423a03d13505486f6a5

  • SHA1

    e15a64c1797c7c65e33c6819e5eb72480b64d7ba

  • SHA256

    2abc6086c5fba1e96de06b850a55509f7e13ac011db6af9c78299df87b21c9a3

  • SHA512

    ad61780e430fc464ef72d4eff407eb2dd805e83369ad48b2a36c98a504e9eebd87cac20e97ccdf52215c1f538af834c844ae48749c832ce6a0115d0cb3d86951

  • SSDEEP

    384:Nk12VwXEnFbNXIaPIyD42OQ9EAi4Cm5PrgTxofe+E1soe+8GcJjvVzqsFF6E:NkYeEndNZjD4u9trc6s24+dzqsFFx

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.drivehq.com
  • Port: 21
  • Username: sin3rr

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

MITRE ATT&CK Enterprise v15

Tasks